From fe9d31a076334c2fa9d937745048ee526cd82ab4 Mon Sep 17 00:00:00 2001 From: Christiaan Goossens Date: Sun, 2 Apr 2017 11:50:45 +0200 Subject: [PATCH] Finalized IDOB + small changes concerning redirects --- src/Application/API/Handler.php | 133 +++++++++++++-------- src/Application/Auth/Middleware.php | 11 +- src/Application/Helper/IBAN.php | 29 +++-- src/Application/Helper/Idob/Client.php | 54 +++++++++ src/Application/Helper/Idob/Transactie.php | 75 ++++++++++++ src/Application/Helper/Overboekingen.php | 10 +- src/Application/Idob.php | 103 ++++++++++++++++ src/Application/Login.php | 9 +- src/bootstrap.php | 3 +- templates/idob.phtml | 65 ++++++++++ templates/idobmislukt.phtml | 5 + 11 files changed, 430 insertions(+), 67 deletions(-) create mode 100644 src/Application/Helper/Idob/Client.php create mode 100644 src/Application/Helper/Idob/Transactie.php create mode 100644 src/Application/Idob.php create mode 100644 templates/idob.phtml create mode 100644 templates/idobmislukt.phtml diff --git a/src/Application/API/Handler.php b/src/Application/API/Handler.php index 972f7fe..2ec6c3b 100644 --- a/src/Application/API/Handler.php +++ b/src/Application/API/Handler.php @@ -15,6 +15,8 @@ namespace Inforbank\Application\API; use \Slim\App; +use Inforbank\Application\Helper\Idob\Client; +use Inforbank\Application\Helper\Idob\Transactie; class Handler { 
@@ -38,37 +40,64 @@ class Handler $this->post('/transactionRequest', function ($request, $response, $args) { $parsedBody = $request->getParsedBody(); - if (isset($parsedBody['clientId']) && isset($parsedBody['transactionId']) && isset($parsedBody['amount']) && isset($parsedBody['description']) && isset($parsedBody['returnUrl']) && isset($parsedBody['sha1'])) { + if (isset($parsedBody['clientId']) && isset($parsedBody['transactionId']) && isset($parsedBody['amount']) && isset($parsedBody['description']) && isset($parsedBody['returnUrl']) && isset($parsedBody['hash'])) { // Correct request + try { + $client = new Client($parsedBody['clientId']); + $clientSecret = $client->getClientSecret(); - if ($parsedBody['clientId'] !== Handler::getClientId()) { - $response = $response->withStatus(403); - $responseJSON = array( - "success" => false, - "error" => "Incorrect client id." - ); - } else { - $clientSecret = Handler::getClientSecret(); - $sha = sha1($parsedBody['transactionId'] . $parsedBody['amount'] . $clientSecret); + $sha = hash("sha256", $parsedBody['transactionId'] . $parsedBody['amount'] . $clientSecret); - if ($sha === $parsedBody['sha1']) { - $responseJSON = array( - "success" => true, - "redirect" => "https://example.com" - ); + if ($sha === $parsedBody['hash']) { + if ($parsedBody['returnUrl'] === $client->getClientRedirectURI()) { + // Voeg de transactie toe aan de lijst en stuur een response + try { + $reference = $parsedBody['transactionId']; + $amount = ((double) $parsedBody['amount']) / 100; + $description = $parsedBody['description']; + $clientId = $parsedBody['clientId']; + + $transactie = Transactie::createTransactie($reference, $clientId, $amount, $description); + + $uri = $request->getUri(); + + $responseJSON = array( + "success" => true, + "redirect" => $uri->getBaseUrl() . "/idob/betalen?trxid=" . 
$transactie + ); + } catch (\Exception $e) { + $response = $response->withStatus(500); + $responseJSON = array( + "success" => false, + "error" => $e->getMessage() + ); + } + } else { + $response = $response->withStatus(400); + $responseJSON = array( + "success" => false, + "error" => "Unknown return URI." + ); + } } else { $response = $response->withStatus(403); $responseJSON = array( "success" => false, - "error" => "Incorrect sha1 verification hash." + "error" => "Incorrect verification hash." ); } + } catch (\Exception $e) { + $response = $response->withStatus(403); + $responseJSON = array( + "success" => false, + "error" => "Incorrect client id." + ); } } else { $response = $response->withStatus(400); $responseJSON = array( "success" => false, - "error" => "Missing one of the following attributes: [clientId, transactionId, amount, description, returnUrl, sha1]" + "error" => "Missing one of the following attributes: [clientId, transactionId, amount, description, returnUrl, hash]" ); } 
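Review bot: The verification hash is compared with `===` and computed over a bare concatenation, so the check is both timing-observable and ambiguous: `transactionId . amount` has no delimiter, meaning `("12","500")` and `("1","2500")` yield the same digest under the same secret, and `description`/`returnUrl` are not covered at all. Replace the two lines with `$sha = hash_hmac('sha256', implode('|', [$parsedBody['clientId'], $parsedBody['transactionId'], $parsedBody['amount'], $parsedBody['description'], $parsedBody['returnUrl']]), $clientSecret);` and `if (hash_equals($sha, (string) $parsedBody['hash'])) {` (the webshop side must sign the same way). `amount` is cast with `(double)` and never validated, so a negative or non-numeric value is stored by `Transactie::createTransactie` and later reaches `createOverboeking`, whose amount validation is still a TODO in this patch; reject anything but a positive integer string with `ctype_digit($parsedBody['amount']) && (int) $parsedBody['amount'] > 0` before creating the transaction. The 500 branch also echoes `$e->getMessage()` to the caller, which may leak database details; log it and return a fixed message instead.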
@@ -88,41 +117,59 @@ class Handler $this->post('/statusRequest', function ($request, $response, $args) { $parsedBody = $request->getParsedBody(); - if (isset($parsedBody['clientId']) && isset($parsedBody['transactionId']) && isset($parsedBody['sha1'])) { + if (isset($parsedBody['clientId']) && isset($parsedBody['transactionId']) && isset($parsedBody['hash'])) { // Correct request + try { + $client = new Client($parsedBody['clientId']); + $clientSecret = $client->getClientSecret(); - if ($parsedBody['clientId'] !== Handler::getClientId()) { - $response = $response->withStatus(403); - $responseJSON = array( - "success" => false, - "error" => "Incorrect client id." - ); - } else { - $clientSecret = Handler::getClientSecret(); - $sha = sha1($parsedBody['transactionId'] . $clientSecret); + $sha = hash("sha256", $parsedBody['transactionId'] . $clientSecret); - if ($sha === $parsedBody['sha1']) { - $responseJSON = array( - "success" => true, - "transaction" => array( - "status" => "Success", - "transactionId" => "notyetfromdb", - "someotherrandomkey" => "changethis" - ) - ); + if ($sha === $parsedBody['hash']) { + try { + $transactie = Transactie::getTransactie($parsedBody['transactionId']); + + if ($transactie['clientId'] === $parsedBody['clientId']) { + $responseJSON = array( + "success" => true, + "transaction" => array( + "reference" => $transactie['reference'], + "status" => $transactie['status'] + ) + ); + } else { + $response = $response->withStatus(500); + $responseJSON = array( + "success" => false, + "error" => "Transaction not found." + ); + } + } catch (\Exception $e) { + $response = $response->withStatus(500); + $responseJSON = array( + "success" => false, + "error" => $e->getMessage() + ); + } } else { $response = $response->withStatus(403); $responseJSON = array( "success" => false, - "error" => "Incorrect sha1 verification hash." + "error" => "Incorrect verification hash." 
); } + } catch (\Exception $e) { + $response = $response->withStatus(403); + $responseJSON = array( + "success" => false, + "error" => "Incorrect client id." + ); } } else { $response = $response->withStatus(400); $responseJSON = array( "success" => false, - "error" => "Missing one of the following attributes: [clientId, transactionId, sha1]" + "error" => "Missing one of the following attributes: [clientId, transactionId, hash]" ); } @@ -138,14 +185,4 @@ class Handler return $next($request, $response); }); } - - public static function getClientId() - { - return 'de-webshop'; - } - - public static function getClientSecret() - { - return '42'; - } } diff --git a/src/Application/Auth/Middleware.php b/src/Application/Auth/Middleware.php index 4da1563..f9b8ec5 100644 --- a/src/Application/Auth/Middleware.php +++ b/src/Application/Auth/Middleware.php @@ -22,13 +22,22 @@ class Middleware public function __invoke($request, $response, $next) { $container = Application::getContainer(); + $uri = $request->getUri(); + $path = $uri->getPath(); + $query = $uri->getQuery(); // Check for an existing session if ($container->auth->isUserAuthenticated()) { return $next($request, $response); } else { // Redirect to the login page - return Redirect::create($request, $response, '/login'); + if ($query !== "") { + return Redirect::create($request, $response, '/login?redirect='.$path."&".$query); + } elseif ($path = "/") { + return Redirect::create($request, $response, '/login'); + } else { + return Redirect::create($request, $response, '/login?redirect='.$path); + } } } } diff --git a/src/Application/Helper/IBAN.php b/src/Application/Helper/IBAN.php index e5664db..787b531 100644 --- a/src/Application/Helper/IBAN.php +++ b/src/Application/Helper/IBAN.php 
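Review bot: `$sha === $parsedBody['hash']` leaks timing on the MAC comparison and should be `if (hash_equals($sha, (string) $parsedBody['hash'])) {`. The ownership check `$transactie['clientId'] === $parsedBody['clientId']` is strict while `Transactie::getTransactie` passes the `clientId` column through untouched, so if the driver returns it as a non-string every status lookup reports "Transaction not found"; worth a test, or compare with `(string) $transactie['clientId'] === (string) $parsedBody['clientId']`. A client mismatch is answered with a 500, which a webshop will treat as a server fault rather than a denied lookup; 404 or 403 is the better code. As far as this hunk shows, `transactionId` here is the database id handed out as `trxid` by transactionRequest, not the webshop's own reference, which callers will need documented.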
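Review bot: `} elseif ($path = "/") {` assigns instead of compares, so it is always true and the final `else` is dead: every unauthenticated request without a query string is sent to a bare `/login` and the post-login redirect is lost. Change it to `} elseif ($path === "/") {`. The redirect target is also spliced into the URL raw (`'/login?redirect='.$path."&".$query`), so a path containing `&`, `#` or `%` is misparsed on the login side; build it with `'/login?' . http_build_query(['redirect' => $path]) . ($query !== "" ? '&' . $query : '')` in both branches. Login.php trusts this `redirect` value, so it should additionally be restricted to a local path there.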
@@ -21,16 +21,17 @@ class IBAN $newword = ""; $wordarray = str_split($word); foreach ($wordarray as $v) { - if(ctype_alpha($v)){ + if (ctype_alpha($v)) { $newword .= ord(strtolower($v)) - 87; - }else{ + } else { $newword .= $v; } } return $newword; } - private function getCheckDigits($bignum){ + private function getCheckDigits($bignum) + { //Modulo staartdeling $modulo97 = (int)substr($bignum, 0, 6); $modulo97 = $modulo97 % 97; @@ -46,8 +47,9 @@ class IBAN } return $checkdigits; } - - public function isValidIBAN($iban){ + + public function isValidIBAN($iban) + { $iban = str_replace(" ", "", $iban); $landcode = substr($iban, 0, 2); $controle = substr($iban, 2, 2); @@ -57,19 +59,22 @@ class IBAN $nummer = $this->wordToNumbers($identificatie); return $controle == $this->getCheckDigits($nummer); } - - public function getRekeningNummer($iban){ + + public function getRekeningNummer($iban) + { return substr(str_replace(" ", "", $iban), 8); } - - public function getBank($iban){ + + public function getBank($iban) + { return substr(str_replace(" ", "", $iban), 4, 4); } - - public function getLand($iban){ + + public function getLand($iban) + { return substr(str_replace(" ", "", $iban), 0, 2); } - + public function getIBAN($rekeningnr) { $landcode = "NL"; // NL in vertaling diff --git a/src/Application/Helper/Idob/Client.php b/src/Application/Helper/Idob/Client.php new file mode 100644 index 0000000..2727922 --- /dev/null +++ b/src/Application/Helper/Idob/Client.php 
@@ -0,0 +1,54 @@ +db; + + $this->client = $db->idobc->where("clientId", $id)->limit(1)->fetch(); + + if (!$this->client) { + throw new \Exception("There is no client with this id"); + } + } + + public function getClientSecret() + { + return $this->client['clientSecret']; + } + + public function getClientRedirectURI() + { + return $this->client['redirectUri']; + } + + public function getClientName() + { + return $this->client['naam']; + } + + public function getClientRekening() + { + return $this->client['rekeningnr']; + } +} diff --git a/src/Application/Helper/Idob/Transactie.php b/src/Application/Helper/Idob/Transactie.php new file mode 100644 index 0000000..5906ad4 --- /dev/null +++ b/src/Application/Helper/Idob/Transactie.php @@ -0,0 +1,75 @@ +db; + + $trans = $db->idobt->insert([ + "reference" => $reference, + "clientId" => $clientId, + "amount" => $amount, + "description" => $description, + "status" => 1 + ]); + return $trans['id']; + } + + public static function getTransactie($id) + { + $container = Application::getContainer(); + $db = $container->db; + + $transactie = $db->idobt->where("transactieId", $id)->limit(1)->fetch(); + + if (!$transactie) { + throw new \Exception("Transaction not found"); + } + + return array( + "transactieId" => $transactie['transactieId'], + "reference" => $transactie['reference'], + "clientId" => $transactie['clientId'], + "amount" => (double) $transactie['amount'], + "description" => $transactie['description'], + "status" => (int) $transactie['status'] + ); + } + + public static function setTransactionStatus($id, $status) + { + $container = Application::getContainer(); + $db = $container->db; + + $transactie = $db->idobt->where("transactieId", $id)->limit(1); + if (!$transactie) { + throw new \Exception("Transaction not found"); + } + + $transactie->update(array( + "status" => $status + )); + + if (!$transactie) { + throw new \Exception("Failed to update status"); + } + } +} 
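Review bot: `Client` carries no docblock saying what `clientSecret` is for, and `getClientSecret()` hands it back as a plain string, so it is easy for a later caller to drop it into a template or log. Add above the class `/** Registered IDOB webshop loaded from the idobc table by clientId; clientSecret is the shared key the API handler uses to verify request hashes and must never be rendered, logged or returned to anything but the verifier. */` and on the constructor `@throws \Exception when no row matches $id`. The lookup appears to bind `$id` through the builder's `where()`, but the builder is not visible here, so confirm it parameterises rather than interpolates.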
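Review bot: In `setTransactionStatus` both `if (!$transactie)` guards never fire: `$transactie` is the query-builder object returned by `where(...)->limit(1)`, which is always truthy, and the result of `update()` is discarded, so a missing or unchanged row is reported as success and the payment flow continues as if the status had changed. Capture the update result instead, e.g. `$affected = $db->idobt->where("transactieId", $id)->limit(1)->update(array("status" => $status));` followed by `if ($affected === false || $affected === 0) { throw new \Exception("Transaction not found"); }` (check what this builder returns for a no-op update). `createTransactie` returns `$trans['id']` while every lookup filters on `transactieId`; if that is the real column name the handler's `trxid` will be empty, so the two should agree. `amount` is also stored and read back as a double, a poor fit for money; keeping the integer cent value the API receives avoids rounding surprises.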
diff --git a/src/Application/Helper/Overboekingen.php b/src/Application/Helper/Overboekingen.php index 5dc6e93..263ebe8 100644 --- a/src/Application/Helper/Overboekingen.php +++ b/src/Application/Helper/Overboekingen.php @@ -16,16 +16,18 @@ use Inforbank\Application; * * @author Sjelm */ -class Overboekingen { +class Overboekingen +{ /** - * + * * @param IBAN $van De rekening waar het bedrag vanaf wordt gehaald * @param IBAN $naar De rekening waar het bedrag bijkomt * @param double $bedrag Het bedrag * @param string $omschrijving De omschrijving van de overoeking * $param string $type Het type overboeking */ - public static function createOverboeking($van, $naar, $bedrag, $omschrijving, $type){ + public static function createOverboeking($van, $naar, $bedrag, $omschrijving, $type) + { $rekeningen = Rekeningen::getCurrentUserRekeningen(); $vanRekening = false; @@ -59,7 +61,7 @@ class Overboekingen { //TODO geldigheid bedrag onderzoeken //$bedragValue = (double) $bedrag; - if (strlen($omschrijving) > 40) { + if (strlen($omschrijving) > 40 && $type !== "id") { //error: te lange omschrijving throw new Exception("De omschrijving is te lang"); } diff --git a/src/Application/Idob.php b/src/Application/Idob.php new file mode 100644 index 0000000..16e30b9 --- /dev/null +++ b/src/Application/Idob.php 
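Review bot: Exempting `$type !== "id"` from the 40-character limit removes the only length check for IDOB descriptions, yet the description Idob.php builds embeds the webshop-supplied `reference` and client name, so whatever the limit protected (presumably a column width; the rest of `createOverboeking` is outside the hunk) is now reachable with unbounded input. Rather than skipping the check, bound the input at the API or truncate here: `$omschrijving = mb_substr($omschrijving, 0, 140);`. The `//TODO geldigheid bedrag onderzoeken` two lines above becomes urgent with this commit, since `$bedrag` now arrives from the webshop's `amount` field via the transaction table and nothing visible rejects zero, negative or non-numeric values; add `if (!is_numeric($bedrag) || (double) $bedrag <= 0) { throw new Exception("Ongeldig bedrag"); }`.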
@@ -0,0 +1,103 @@ +group('/idob', function () { + $this->get('/betalen', function ($request, $response, $args) { + $query = $request->getQueryParams(); + $rekeningen = Rekeningen::getCurrentUserRekeningen(); + + try { + $transactie = Transactie::getTransactie($query['trxid']); + $client = new Client($transactie['clientId']); + $naam = $client->getClientName(); + } catch (\Exception $e) { + $transactie = false; + } + + return $this->renderer->render($response, 'idob.phtml', [ + 'header' => Header::getHeaderData(), + 'transactie' => $transactie, + 'webwinkel' => $naam, + 'rekeningen' => $rekeningen + ]); + }); + + $this->get('/mislukt', function ($request, $response, $args) { + return $this->renderer->render($response, 'idobmislukt.phtml', [ + 'header' => Header::getHeaderData() + ]); + }); + + $this->post('/betalen', function ($request, $response, $args) { + $query = $request->getQueryParams(); + $post = $request->getParsedBody(); + $van = $post['van']; + + try { + $transactie = Transactie::getTransactie($query['trxid']); + $client = new Client($transactie['clientId']); + $redirectUri = $client->getClientRedirectURI(); + $rekening = $client->getClientRekening(); + $naam = $client->getClientName(); + + try { + /** + * All set to pay! + */ + $ibanhelper = new IBAN(); + + // Do overboeking + Overboekingen::createOverboeking($ibanhelper->getIBAN($van), $ibanhelper->getIBAN($rekening), $transactie['amount'], "Betaling aan " . $naam . " voor transactie " . $transactie['reference'], "id"); + + // Do Status update + Transactie::setTransactionStatus($transactie['transactieId'], 2); + + // Do bericht + Berichten::newBericht($this->auth->getUserID(), $naam, "Betaling met transactiereferentie " . $transactie['reference'] . " gelukt."); + + $response = $response->withStatus(302); + $response = $response->withHeader('Location', $redirectUri . 
"?trxid=".$transactie['transactieId']); + return $response; + } catch (\Exception $e) { + $response = $response->withStatus(302); + $response = $response->withHeader('Location', $redirectUri . "?error=".$e->getMessage()); + return $response; + } + } catch (\Exception $e) { + return Redirect::create($request, $response, "/idob/mislukt"); + } + }); + })->add(new Middleware()); + } +} diff --git a/src/Application/Login.php b/src/Application/Login.php index e70e27c..90811ef 100644 --- a/src/Application/Login.php +++ b/src/Application/Login.php @@ -38,12 +38,19 @@ class Login $post = $request->getParsedBody(); $query = $request->getQueryParams(); $redirect = $query['redirect']; + unset($query['redirect']); + + $queryString = http_build_query($query); try { $resp = $this->auth->login($post['rekeningnr'], $post['pascode']); if ($resp && $redirect !== "") { - return Redirect::create($request, $response, $redirect); + if ($queryString !== "") { + return Redirect::create($request, $response, $redirect . "?" . $queryString); + } else { + return Redirect::create($request, $response, $redirect); + } } elseif ($resp) { return Redirect::create($request, $response, '/rekeningen'); } else { diff --git a/src/bootstrap.php b/src/bootstrap.php index 1d5b28b..4113cd9 100644 --- a/src/bootstrap.php +++ b/src/bootstrap.php @@ -136,9 +136,10 @@ new Inforbank\Application\Rekeningen($app); new Inforbank\Application\Berichten($app); /** - * API + * Idob */ new Inforbank\Application\API\Handler($app); +new Inforbank\Application\Idob($app); /** * Bij het maken van dit object is in de class de __construct functie aangeroepen met de parameter $app. De functies die daar in staan zullen nu worden uitgevoerd. diff --git a/templates/idob.phtml b/templates/idob.phtml new file mode 100644 index 0000000..ef41b2b --- /dev/null +++ b/templates/idob.phtml @@ -0,0 +1,65 @@ + + + + + + + +
+
+
+
Transactie
+
+ Transactiereferentie +

+
+ Ontvangende partij: +

+
+ Te betalen: +

+
+
+
+
Omschrijving
+
+ +
+
+ +
+
+
+
+ +
+ +
+
+
+

+

Door het klikken op "Accepteren" hieronder, accepteert u de betaling en zal er worden overgemaakt aan ter betaling van het order met de transactierefrentie .

Ga alleen verder als u zeker weet dat deze gegevens kloppen. U kunt ook de omschrijving van de transactie bekijken. Na de betaling wordt u teruggestuurd naar de webshop. +

+
+
+
+ +
+
+
+
+
+ + + diff --git a/templates/idobmislukt.phtml b/templates/idobmislukt.phtml new file mode 100644 index 0000000..416585f --- /dev/null +++ b/templates/idobmislukt.phtml @@ -0,0 +1,5 @@ + + + + +
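Review bot: The page renders values that originate with the webshop through the API (the client name, `reference`, and `description`) in the "Ontvangende partij", "Transactiereferentie" and "Omschrijving" blocks, and the PHP echo expressions are stripped in this rendering, so it cannot be seen whether they are escaped; each must go through `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, otherwise a registered or compromised webshop can inject script into the bank's payment page. The form that posts to `/idob/betalen` should carry an anti-CSRF token field, since that POST moves money out of the logged-in user's account, and none is visible here. The confirmation text also misspells `transactierefrentie` (should be `transactiereferentie`).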